Merge pull request #2095 from cgwalters/sign-get-all

signing: Change API to create instances directly
OpenShift Merge Robot 2020-05-11 18:41:35 +02:00 committed by GitHub
commit 4293c36188
6 changed files with 34 additions and 57 deletions


@ -709,7 +709,7 @@ ostree_kernel_args_to_string
<SECTION> <SECTION>
<FILE>ostree-sign</FILE> <FILE>ostree-sign</FILE>
OstreeSign OstreeSign
ostree_sign_list_names ostree_sign_get_all
ostree_sign_commit ostree_sign_commit
ostree_sign_commit_verify ostree_sign_commit_verify
ostree_sign_data ostree_sign_data


@ -23,7 +23,7 @@ global:
ostree_repo_commit_modifier_set_sepolicy_from_commit; ostree_repo_commit_modifier_set_sepolicy_from_commit;
someostree_symbol_deleteme; someostree_symbol_deleteme;
ostree_sign_get_type; ostree_sign_get_type;
ostree_sign_list_names; ostree_sign_get_all;
ostree_sign_commit; ostree_sign_commit;
ostree_sign_commit_verify; ostree_sign_commit_verify;
ostree_sign_data; ostree_sign_data;


@ -142,6 +142,9 @@ _signapi_load_public_keys (OstreeSign *sign,
return TRUE; return TRUE;
} }
/* Iterate over all known signing types, and check if the commit is signed
* by at least one.
*/
gboolean gboolean
_sign_verify_for_remote (OstreeRepo *repo, _sign_verify_for_remote (OstreeRepo *repo,
const gchar *remote_name, const gchar *remote_name,
@ -149,32 +152,18 @@ _sign_verify_for_remote (OstreeRepo *repo,
GVariant *metadata, GVariant *metadata,
GError **error) GError **error)
{ {
/* list all signature types in detached metadata and check if signed by any? */
g_auto (GStrv) names = ostree_sign_list_names();
guint n_invalid_signatures = 0; guint n_invalid_signatures = 0;
guint n_unknown_signatures = 0;
g_autoptr (GError) last_sig_error = NULL; g_autoptr (GError) last_sig_error = NULL;
gboolean found_sig = FALSE; gboolean found_sig = FALSE;
for (char **iter=names; iter && *iter; iter++) g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
for (guint i = 0; i < signers->len; i++)
{ {
g_autoptr (OstreeSign) sign = NULL; OstreeSign *sign = signers->pdata[i];
g_autoptr (GVariant) signatures = NULL; const gchar *signature_key = ostree_sign_metadata_key (sign);
const gchar *signature_key = NULL; GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
GVariantType *signature_format = NULL; g_autoptr (GVariant) signatures =
g_variant_lookup_value (metadata, signature_key, signature_format);
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
{
n_unknown_signatures++;
continue;
}
signature_key = ostree_sign_metadata_key (sign);
signature_format = (GVariantType *) ostree_sign_metadata_format (sign);
signatures = g_variant_lookup_value (metadata,
signature_key,
signature_format);
/* If not found signatures for requested signature subsystem */ /* If not found signatures for requested signature subsystem */
if (!signatures) if (!signatures)
@ -201,11 +190,7 @@ _sign_verify_for_remote (OstreeRepo *repo,
} }
if (!found_sig) if (!found_sig)
{ return glnx_throw (error, "No signatures found");
if (n_unknown_signatures > 0)
return glnx_throw (error, "No signatures found (%d unknown type)", n_unknown_signatures);
return glnx_throw (error, "No signatures found");
}
g_assert (last_sig_error); g_assert (last_sig_error);
g_propagate_error (error, g_steal_pointer (&last_sig_error)); g_propagate_error (error, g_steal_pointer (&last_sig_error));
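Review bot: The cast `GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format (sign);` in the second hunk discards qualifiers and hides the string-to-type conversion behind a bare pointer cast; if ostree_sign_metadata_format returns a format string, the conventional form is `const GVariantType *signature_format = G_VARIANT_TYPE (ostree_sign_metadata_format (sign));`, which g_variant_lookup_value accepts without any cast. Dropping `n_unknown_signatures` and the "(%d unknown type)" message appears safe, because ostree_sign_get_all instantiates every entry of the static engine table rather than looking names up, but that reasoning is not visible here and deserves a short why-comment next to `g_autoptr(GPtrArray) signers = ostree_sign_get_all ();`, e.g. `/* Every built-in engine is returned, so there is no unknown-type case */`. The body of _sign_verify_for_remote, including the per-engine verification and the final error propagation, continues outside these hunks.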


@ -1544,14 +1544,11 @@ scan_commit_object (OtPullData *pull_data,
gboolean found_any_signature = FALSE; gboolean found_any_signature = FALSE;
gboolean found_valid_signature = FALSE; gboolean found_valid_signature = FALSE;
/* list all signature types in detached metadata and check if signed by any? */ /* FIXME - dedup this with _sign_verify_for_remote() */
g_auto (GStrv) names = ostree_sign_list_names(); g_autoptr(GPtrArray) signers = ostree_sign_get_all ();
for (char **iter=names; iter && *iter; iter++) for (guint i = 0; i < signers->len; i++)
{ {
g_autoptr (OstreeSign) sign = NULL; OstreeSign *sign = signers->pdata[i];
if ((sign = ostree_sign_get_by_name (*iter, NULL)) == NULL)
continue;
/* Try to load public key(s) according remote's configuration */ /* Try to load public key(s) according remote's configuration */
if (!_signapi_load_public_keys (sign, pull_data->repo, pull_data->remote_name, error)) if (!_signapi_load_public_keys (sign, pull_data->repo, pull_data->remote_name, error))
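Review bot: The replacement comment `/* FIXME - dedup this with _sign_verify_for_remote() */` removes the only description of what the loop does; keep a one-line statement of intent alongside it, e.g. `/* Consult every built-in signing engine; FIXME - dedup this with _sign_verify_for_remote() */`. Until that dedup lands, any change to the acceptance rules in _sign_verify_for_remote has to be mirrored here by hand, which is easy to miss in a signature-verification path, so the comment should say which of the two is authoritative. The loop body, including what happens when `_signapi_load_public_keys` fails, continues outside the hunk.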


@ -436,8 +436,6 @@ ostree_sign_commit_verify (OstreeSign *self,
* *
* Return the pointer to the name of currently used/selected signing engine. * Return the pointer to the name of currently used/selected signing engine.
* *
* The list of available engines could be acquired with #ostree_sign_list_names.
*
* Returns: (transfer none): pointer to the name * Returns: (transfer none): pointer to the name
* @NULL in case of error (unlikely). * @NULL in case of error (unlikely).
* *
@ -515,28 +513,27 @@ ostree_sign_commit (OstreeSign *self,
} }
/** /**
* ostree_sign_list_names: * ostree_sign_get_all:
* *
* Return an array with all available sign engines names. * Return an array with newly allocated instances of all available
* signing engines; they will not be initialized.
* *
* Returns: (transfer full): an array of strings, free when you used it * Returns: (transfer full) (element-type OstreeSign): an array of signing engines
* *
* Since: 2020.2 * Since: 2020.2
*/ */
GStrv GPtrArray *
ostree_sign_list_names(void) ostree_sign_get_all (void)
{ {
g_autoptr(GPtrArray) engines = g_ptr_array_new_with_free_func (g_object_unref);
for (guint i = 0; i < G_N_ELEMENTS(sign_types); i++)
{
OstreeSign *engine = ostree_sign_get_by_name (sign_types[i].name, NULL);
g_assert (engine);
g_ptr_array_add (engines, engine);
}
GStrv names = g_new0 (char *, G_N_ELEMENTS(sign_types) + 1); return g_steal_pointer (&engines);
gint i = 0;
for (i=0; i < G_N_ELEMENTS(sign_types); i++)
{
names[i] = g_strdup(sign_types[i].name);
g_debug ("Found '%s' signing engine", names[i]);
}
return names;
} }
/** /**
@ -544,11 +541,9 @@ ostree_sign_list_names(void)
* @name: the name of desired signature engine * @name: the name of desired signature engine
* @error: return location for a #GError * @error: return location for a #GError
* *
* Tries to find and return proper signing engine by it's name. * Create a new instance of a signing engine.
* *
* The list of available engines could be acquired with #ostree_sign_list_names. * Returns: (transfer full): New signing engine, or %NULL if the engine is not known
*
* Returns: (transfer full): a constant, free when you used it
* *
* Since: 2020.2 * Since: 2020.2
*/ */
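Review bot: `g_assert (engine);` after `ostree_sign_get_by_name (sign_types[i].name, NULL)` turns any failure to construct a built-in engine into a process abort inside a library call that sits on the pull/verify path; that is acceptable only because `sign_types` is a static table, and the invariant should be stated next to the assert, e.g. `/* sign_types is static, so construction cannot fail for a known name */`. The doc comment for ostree_sign_get_all should also say that the array order follows the internal engine table and is stable across calls, since callers such as _sign_verify_for_remote report the last engine's error and therefore depend on that order. The old g_debug line naming each engine found was dropped without replacement; if it was useful for diagnosing a remote whose signatures are ignored, re-adding it in the loop costs nothing. Finally, renaming the exported symbol (this section together with the version-script and header changes) removes ostree_sign_list_names from the public ABI; the `Since: 2020.2` tag suggests it may not have shipped in a release yet, but that is worth confirming before merge.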


@ -153,7 +153,7 @@ gboolean ostree_sign_load_pk (OstreeSign *self,
_OSTREE_PUBLIC _OSTREE_PUBLIC
GStrv ostree_sign_list_names(void); GPtrArray * ostree_sign_get_all(void);
_OSTREE_PUBLIC _OSTREE_PUBLIC
OstreeSign * ostree_sign_get_by_name (const gchar *name, GError **error); OstreeSign * ostree_sign_get_by_name (const gchar *name, GError **error);